This website uses cookies for advertising and analytics purposes as described in our cookie policy. For more information and to set preferences, please click here. By continuing to browse this website, you accept our use of cookies.

Two of our most dramatic findings were that, when our customers scanned their content at rest in sanctioned apps, 17.9 percent of all files violated a DLP policy and, of those, 22.2 percent were shared with one or more people outside of the company.

Drilling further into DLP violations, we looked at violation type. Over half of the DLP violations across aggregate Netskope Active Platform customers are either PII or PCI, with the next category being a custom, regular expression catch-all “confidential” violation. While this is probably not unexpected, it is worth noting that two things need to happen for a policy violation to occur: IT needs to set the policy, and a user needs to trigger it. So even if sensitive data is in the cloud, if it’s not being specifically targeted in a DLP policy, it won’t be detected. We expect confidential violations to grow in numbers as enterprises get to the next level with their custom, regex policies and identify more information they want to protect.

Category

Percent DLP Policy Violations

1.

Personally Identifiable Information (PII)

27%

2.

Payment Card Industry Information (PCI)

24%

3.

Confidential or Top Secret

17%

4.

Source Code

16%

5.

Protected Health Information (PHI)

12%

6.

Profanity

4%

One thing we noticed was the activities associated with these violation types. When it comes to PII, PCI, and PHI, there are more violations associated with the “upload” and “download” of data than any other activity. We also looked at categories, finding that 90 percent of all DLP violations happened in Cloud Storage. The remaining 10 percent occurred in Webmail, CRM, and Social Media.

So, based on these findings, what can you do to mitigate risk and protect data in the cloud? Download the report here for more findings and our top three quick wins for enterprise IT.